Add EdwardsPoint::from_uniform_bytes()

Author: daxpedda

curve25519-dalek/src/edwards.rs

@@ -763,6 +763,34 @@ impl EdwardsPoint {
             }
         }
     }
+
+    /// Construct a `EdwardsPoint` from 64 bytes of data.
+    ///
+    /// If the input bytes are uniformly distributed, the resulting
+    /// point will be uniformly distributed over the group, and its
+    /// discrete log with respect to other points should be unknown.
+    ///
+    /// # Implementation
+    ///
+    /// This function splits the input array into two 32-byte halves,
+    /// takes the low 255 bits of each half mod p, applies the Elligator2
+    /// map to each, and adds the results.
+    pub fn from_uniform_bytes(bytes: &[u8; 64]) -> EdwardsPoint {
+        // https://www.rfc-editor.org/rfc/rfc9380.html#section-3-4.1.2
+
+        let mut q = [0u8; 32];
+
+        q.copy_from_slice(&bytes[0..32]);
+        let q0 = FieldElement::from_bytes(&q);
+        let Q0 = Self::map_to_curve(q0);
+
+        q.copy_from_slice(&bytes[32..64]);
+        let q1 = FieldElement::from_bytes(&q);
+        let Q1 = Self::map_to_curve(q1);
+
+        let R = Q0 + Q1;
+        R.mul_by_cofactor()
+    }
 }
 
 // ------------------------------------------------------------------------